IvoNet

IvoNet

What the Heck Are OAuth and OIDC?

Session abstract

OAuth is not an API or a service: it is an open standard for authorization, any developer can implement it, and applications can use it to provide client applications with “secure delegated access.” OAuth works over HTTPS and authorizes devices, APIs, servers, and applications with access tokens rather than credentials. OpenID Connect (OIDC), built on top of the OAuth 2.0 protocol, enables clients to verify the identity of the user and obtain their basic profile information. This session covers how OAuth and OIDC work, when to use them, and frameworks/services that simplify authentication.

Speaker(s)

Name

Title

Company

Matt Raible

Developer Advocate

Okta

Session Info

Session type

Track

Developer Session

Modern Web

My Notes

OAuth has nothing to do with Authentication but everything with authorizations. Bad naming.

Delegated authorization inspired OAuth2.

Shoot I was distracted for a few minutes by mails and WhatsApp and missed a bit. Sry